
We are able to initialize/unseal and enable the vault using the code below.

newres, err := client.Sys().Init(&intireq)
resseal, err := client.Sys().Unseal("xxxxxxxxxxxxxxxxxxxxx")
fmt.Println("resseal:", resseal)
enableopt := vault.MountInput{}
enableopt.Type = "oidc"
client.SetToken("xxxxxxxxxxxxxxxxxx")

err = client.Sys().EnableAuthWithOptions("oidc", &enableopt)

We can see OIDC enabled in the UI as well. Now we need to configure OIDC; when this is done from the UI, it uses the POST API below with configs id: "oidc", oidc_discovery_url: "xxxxxx"......

https://vault.xxxxxx.com/v1/auth/oidc/config

We need to configure the same from our Go code, where we are using the Go Vault client "github.com/hashicorp/vault/api".

I am not able to find the method for auth configuration and need help with the correct method.

Lucifer007
  • I do not see OIDC on the list of supported bindings at https://pkg.go.dev/github.com/hashicorp/vault/api#section-directories, so you probably need to directly hit the API endpoints. – Matthew Schuchard Aug 30 '22 at 17:35

1 Answer

The API is exposed in the Logical() struct, so you can use something like

type oidcConfig struct {
    OIDCDiscoveryURL string `json:"oidc_discovery_url"`
    // ...snip...
}

// in function call
config := oidcConfig{
    OIDCDiscoveryURL: "https://sample.url/oidc",
    // ..snip..
}
// Logical().Write takes a map[string]interface{}, so pass the fields under their API key names
resp, err := client.Logical().Write("auth/oidc/config", map[string]interface{}{
    "oidc_discovery_url": config.OIDCDiscoveryURL,
    // ..snip..
})

There are better ways of setting the config keys than this, of course, but hopefully this gives you a trivial example.

spurgavie
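The direct-HTTP route mentioned in the comment, as an added example that is not code from the question or the answer: it POSTs the config to /v1/auth/oidc/config using only the Go standard library and reads the token and client secret from the environment instead of hardcoding them. The helper name configureOIDC, the OIDC_CLIENT_ID and OIDC_CLIENT_SECRET variable names, and the oidc_client_id / oidc_client_secret keys are assumptions that do not appear on the page.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"time"
)

// configureOIDC (hypothetical helper) POSTs cfg to {addr}/v1/auth/{mount}/config, the endpoint the UI calls.
func configureOIDC(hc *http.Client, addr, token, mount string, cfg map[string]interface{}) error {
	body, err := json.Marshal(cfg)
	if err != nil {
		return fmt.Errorf("encode config: %w", err)
	}
	req, err := http.NewRequest(http.MethodPost, addr+"/v1/auth/"+mount+"/config", bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("X-Vault-Token", token) // sent as a header only, never put into error text
	req.Header.Set("Content-Type", "application/json")
	resp, err := hc.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 {
		// Surface Vault's error body to the caller, capped at 4 KiB.
		msg, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
		return fmt.Errorf("vault returned %s: %s", resp.Status, bytes.TrimSpace(msg))
	}
	return nil
}

func main() {
	cfg := map[string]interface{}{
		"oidc_discovery_url": "https://sample.url/oidc",       // placeholder URL from the answer
		"oidc_client_id":     os.Getenv("OIDC_CLIENT_ID"),     // assumed variable name
		"oidc_client_secret": os.Getenv("OIDC_CLIENT_SECRET"), // assumed variable name
	}
	hc := &http.Client{Timeout: 10 * time.Second}
	if err := configureOIDC(hc, os.Getenv("VAULT_ADDR"), os.Getenv("VAULT_TOKEN"), "oidc", cfg); err != nil {
		fmt.Fprintln(os.Stderr, "configure oidc:", err)
		os.Exit(1)
	}
}
```

The same map can be passed unchanged to `client.Logical().Write("auth/oidc/config", cfg)` when using the `github.com/hashicorp/vault/api` client from the answer.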